Nemo discovered an off-by-one error leading to a heap overflow in
irssi's event_wallops() parsing function.

Impact

A remote attacker might entice a user to connect to a malicious IRC
server, use a man-in-the-middle attack to redirect a user to such a
server or use ircop rights to send a specially crafted WALLOPS message,
which might result in the execution of arbitrary code with the
privileges of the user running irssi.